LDAP authentication question

Hello everyone!
Please have in mind that I'm a new user and LDAP noobie.

My goal was to install LDAP server, then use migration tools to migrate my Linux users to LDAP, and then configure LDAP client and PAM properly so I could log into Linux using data stored in LDAP directory.

I can log out from my account, and log back to a test user, despite deleting his data from /etc/passwd and /etc/shadow (which is neccesary to check if ldap works ok, I guess -after that getent has only one outcome pointing to ldap, where data still exists).

But I have problem with a following command:

Code:

passwd user

(changing user's password).
I get an info that both ldap and passwd passwords were changed successively. I try to relog and I can login with my old (lets say: test) and new (test2) password. If i try passwd again and change it to test3 I can login with test and test3 (test2 not working).
But if I try:

Code:

su user

only test3 password works.

I'm not sure if that's relevant but if I check that user (whose password was changed with passwd user)in Luma it shows something like this in userpassword value : {crypt}$1$BiSCYSPa$6OrmqClnu3h6juR1q89AJ/
Any other user whose password was not changed (only migrated) is : {crypt}x

What is going on? Can anyone explain that to me? Where is that oldest password (test) stored if I deleted entries in /etc/passwd and /etc/shadow?